
Re: [Full-Disclosure] Cleaning viruses from netware



Harlan Carvey wrote:

> Gadi,
>
> For the sake of the list, would you be willing to
> share the answer you received?


Begin quote>>>
ST wrote:
---------
It is relatively easy if the virus is detectable remotely, i.e. it has a
component listening on a port. A simple nmap scan followed by a remote
connect and run of the disinfection tool will work. I prefer this
approach over using the directory service as it catches all active
machines, irrespective of whether they are in the directory or not.

Another approach is to use a login script that runs the disinfection
util automatically, subsequent logins do not run the script. I used the
absence of a file in a directory to indicate that the util had to be
run, run the script and then *IF* successful, create the flag file.

A combo of these methods will rapidly and effectively catch most of the
infected machines and remove them.
-----

Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
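
The flag-file login-script approach quoted above, sketched as an added example in POSIX sh; it is not code from the original post, which does not show its script. The function name, the per-host `.done`/`.failed` file names and the `DISINFECT_RESULT` variable are assumptions made for illustration, and the disinfection tool is whatever command is passed in.

```shell
#!/bin/sh
# disinfect_once FLAG_DIR HOST TOOL [ARGS...]
# Runs TOOL only when FLAG_DIR/HOST.done is absent, and creates that flag
# only if TOOL exits 0, so a failed run is retried at the next login.
# Sets DISINFECT_RESULT to skipped, cleaned, failed or flag_error.
disinfect_once() {
    flag_dir=$1; host=$2; shift 2
    done_flag="$flag_dir/$host.done"
    fail_log="$flag_dir/$host.failed"   # hypothetical record for the admin

    # Flag present: an earlier login already ran the tool successfully.
    if [ -e "$done_flag" ]; then
        DISINFECT_RESULT=skipped
        return 0
    fi

    rc=0
    "$@" || rc=$?
    if [ "$rc" -ne 0 ]; then
        # No flag on failure; keep a trace so unclean hosts can be listed.
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) exit=$rc" >> "$fail_log"
        DISINFECT_RESULT=failed
        return "$rc"
    fi

    # Write to a temporary name and rename, so a half-written flag is
    # never mistaken for a completed run.
    tmp="$done_flag.$$"
    if date -u +%Y-%m-%dT%H:%M:%SZ > "$tmp" && mv "$tmp" "$done_flag"; then
        rm -f "$fail_log"
        DISINFECT_RESULT=cleaned
        return 0
    fi
    rm -f "$tmp"
    DISINFECT_RESULT=flag_error
    return 1
}
```

Listing the `.failed` files in the flag directory shows which machines have logged in but are still not cleaned.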